From f15d0229b63b75a6e2ba2408210fddf48b9c1989 Mon Sep 17 00:00:00 2001
From: Jacob Dreesen
Date: Fri, 12 Nov 2021 10:51:08 +0100
Subject: [PATCH] Mitigate https://httpoxy.org/ vulnerabilities in nginx.conf

See: https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/#Defeating-the-Attack-using-NGINX-and-NGINX-Plus
---
 .docker/nginx.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.docker/nginx.conf b/.docker/nginx.conf
index 1a443d1d5..a4771f0dc 100644
--- a/.docker/nginx.conf
+++ b/.docker/nginx.conf
@@ -7,7 +7,6 @@ upstream php-pimcore10 {
 server php-fpm:9000;
 }
 
-
 upstream php-pimcore10-debug {
 server php-fpm-debug:9000;
 }
@@ -131,6 +130,9 @@ server {
 fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
 fastcgi_param DOCUMENT_ROOT $realpath_root;
 
+ # Mitigate https://httpoxy.org/ vulnerabilities
+ fastcgi_param HTTP_PROXY "";
+
 # If Xdebug session is requested, pass it to the Xdebug enabled container
 if ($http_cookie ~* "XDEBUG_SESSION") {
 fastcgi_pass php-pimcore10-debug;
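Review bot: The added `fastcgi_param HTTP_PROXY "";` in the second hunk is set at location level, so it only covers requests handled by this one block. As far as the hunk shows, that includes both upstreams, because the Xdebug `if` only switches `fastcgi_pass`. nginx inherits `fastcgi_param` from an outer level only when the current level defines none, so any other PHP location with its own `fastcgi_param` lines would still forward a client `Proxy` header as HTTP_PROXY. The rest of the `server` block is outside the hunk, so this needs checking against the full file, and any `proxy_pass` location would need `proxy_set_header Proxy "";` instead. The comment should also say what the line does rather than only link out, for example `# httpoxy: a client "Proxy" header reaches PHP as HTTP_PROXY; force it empty for both upstreams`.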